Re: What "Personal Security Manager"?

To: Joseph Carter <knghtbrd@debian.org>
Cc: Robert van der Meulen <rvdm@cistron.nl>, debian-devel@lists.debian.org
Subject: Re: What "Personal Security Manager"?
From: Dale Scheetz <dwarf@polaris.net>
Date: Fri, 15 Dec 2000 11:16:39 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.21.0012151044520.32465-100000@dwarf>
In-reply-to: <20001117145816.A14791@debian.org>

Well, once I got apt-get to do a complete upgrade, I got the new mozilla,
which starts the first time pointing to the FAQ. The first question there
tells how to get psm. (I later noticed that there is an upgrade button in
the menu structures as well)

Now that I have psm I still must use Netscrape to talk to my bank, as
Mozilla's attempt to connect is refused by the bank, and I now have to put
up with all those pesky "you are now ..." message boxes.

On the point of your legal arguments. I've heard this before, but I also
understand that these are temporary conditions subject to change. I would
feel much more comfortable if we had some declaration from SPI's lawyers,
telling us what our legal responsibilities are.

Now if I can figure out which package set me up to refuse ftp and telnet
sessions...

Luck,

On Fri, 17 Nov 2000, Joseph Carter wrote:

> On Fri, Nov 17, 2000 at 10:49:57AM -0500, Dale Scheetz wrote:
> > My first guess would be because of some security algorithms. This has
> > always been a nagging problem for free software. Folks like Netscape and
> > M$ can produce integrated security systems (I presume they have a license
> > for doing so), but we must carefully put all our security code in an
> > offshore repository, making integration near impossible.
> 
> This is not true, and has not been true for many months now.  All we must
> do is agree that we will not do anything special to cause people in
> certain US-blacklisted countries to aquire it from us.  These countries we
> have a general trade embargo against anyway, so it's already illegal to
> give them Debian.  Of course, all we can do is put a disclaimer that our
> non-US software contains cryptographic software which downloading in
> certain countries may be illegal under US (and other) laws.
> 
> The only other thing we must do is send a notification to the government
> that we are doing this - we must do it for ftp.debian.org, but not for
> mirrors necessarily.  Why this is required is anybody's guess.  Several
> other non-US packages have already been included in main despite the fact
> that some of them directly include crypto code.  The fact that we have
> done this coupled with the fact that we decided not to jump through these
> minor hoops - or even seek legal advise on the issue - could put us at
> some risk.
> 
> 
> IMO, despite the conspiracy theories that can be derived from the
> requirement that we register our primary access site with the US gov't,
> there is absolutely no reason Debian cannot at this point fold non-US into
> main.  It is only blind paranoia and stubbornness (the US blacklist - many
> say they don't want Debian to limit its US mirrors to not willfully
> serving countries such as Iraq and Cuba that the US gov't just doesn't
> like in this manner.  Fact is though, it's already illegal to distribute
> Debian to those countries anyway from the US, so who gives a rip anyhow?)
> 
> 
> The only way this sorry state of affairs gets resolved is if people become
> aware that it is NOT illegal to distribute crypto from US sites to a world
> audience anymore provided you do a couple of very simple things so the
> gov't knows where to send the death commandos when the black helicopters
> attack and free thought is outlawed.  (heh)
> 
> If a simple reading of the regulations is insufficient, companies have
> sought legal advice on this matter and determined it legal to distribute
> the stuff with a disclaimer on the site.  Kernel.org determined the same.
> If you ask me (which you didn't I realize), this is worth Debian paying a
> lawyer for advice if it's necessary so we can do away with this split
> archive.
> 
> </rant>
> 
> 
> > I have often thought it would be useful for Debian to apply for a
> > munitions export license so we could integrate security into the
> > distribution in the same seamless fashion the proprietary vendors do.
> > Is this a job for SPI?
> 
> See above, all that is necessary nowadays is notification.
> 
> -- 
> Joseph Carter <knghtbrd@debian.org>               GnuPG key 1024D/DCF9DAB3
> Debian GNU/Linux (http://www.debian.org/)         20F6 2261 F185 7A3E 79FC
> The QuakeForge Project (http://quakeforge.net/)   44F9 8FF7 D7A3 DCF9 DAB3
> 
> <doogie> there is one bad thing about having a cell phone.
> <doogie> I can be reached at any time. :|
> <wmono> that's why I leave mine off at all times. ;>
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
> 

Dwarf
--
_-_-_-_-_-   Author of "The Debian Linux User's Guide"  _-_-_-_-_-_-

aka   Dale Scheetz                   Phone:   1 (850) 656-9769
      Flexible Software              11000 McCrackin Road
      e-mail:  dwarf@polaris.net     Tallahassee, FL  32308

_-_-_-_-_-_- See www.linuxpress.com for more details  _-_-_-_-_-_-_-

Reply to:

Follow-Ups:
- Re: What "Personal Security Manager"?
  - From: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>

Prev by Date: Re: Latest Mandrake
Next by Date: Re-Proposal -- Change constitution to adopt Smith/Condorcet vote tallying
Previous by thread: Re: Programs that parse other programs' output e.g. Emacs dired mode
Next by thread: Re: What "Personal Security Manager"?
Index(es):
- Date
- Thread